pfSense on Proxmox

fahadshery · Jul 12, 2022, 5:37 PM

Hi,

This is my current setup.
🔒 Log in to view
I can open the pfSense GUI at 192.168.10.1 from my laptop which is connected to my ISP router.

I can ping from 192.168.55.0/24 devices to any device at 192.168.1.0/24.

As mentioned, I can only access the pfSense firewall at 192.168.55.10 from 192.168.1.0/24 but not the devices on 192.168.55.0/24 network.

The System logs shows the ICMP ping from my laptop to the destination VM behind pfsense and its not blocking it...
what am I missing?

viragomann · Jul 12, 2022, 6:03 PM

@fahadshery said in pfSense on Proxmox:

As mentioned, I can only access the pfSense firewall at 192.168.55.10 from 192.168.1.0/24 but not the devices on 192.168.55.0/24 network.

No idea, where these network ranges should be in your setup. The picture doesn't show them.

Apart from this you have configured 192.168.10.0/24 on both WAN and LAN side of pfSense?

fahadshery · Jul 12, 2022, 6:15 PM

@viragomann ٰ sorry if it wasn't clear from the diagram.
Here is the total network:
ISP router = 192.168.0.0/24. This router is used to connect wireless devices in the house and connects them to the Internet.
An Ethernet cable goes from this router to the Proxmox server's one of the NIC interfaces. This interface will be used to get WAN address from the router.
Proxmox server = 192.168.10.0/24. The Cisco switch and the pfSense LAN live on this network.

I then added a static route in the ISP router for 192.168.10.0/24 via the WAN IP that it assigned to the WAN interface of the pfSense then open up a firewall rule on the WAN to pass any traffic that gets on the WAN interface.

As mentioned, devices on the 192.168.10.0/24 can ping and see devices on the 192.168.0.0/24 network.
But the laptop can only see the pfSense web GUI and can't access the devices on 192.168.10.0/24 network.

Hope this helps?

viragomann · Jul 12, 2022, 6:43 PM

@fahadshery said in pfSense on Proxmox:

But the laptop can only see the pfSense web GUI

Which IP, WAN or LAN?

And the laptop has an IP in 192.168.0.0/24?
I guess, it is connected via wifi. So that means, your wifi is bridged to the routers LAN (AP mode)?

fahadshery · Jul 12, 2022, 8:51 PM

And the laptop has an IP in 192.168.0.0/24?

yes, router is at 192.168.0.1 and the laptop is at 192.168.0.90

I guess, it is connected via wifi. So that means, your wifi is bridged to the routers LAN (AP mode)?

yes, laptop is connected via wifi to the router. yes, router does hand out DHCP to its connecting devices from the pool within the 192.168.0.0/24 subnet

Patch · Jul 13, 2022, 9:56 AM

@fahadshery
In my opinion you are compromising your system by using ISP router as a router & using it's wifi.

A better solution is:

just use pfsense as your router.
Your wifi access point belongs on the lan side of pfsense firewall router. A combined product can be used for this but only in bridge mode or better still use a product designed to be an access point.
On the WAN side of pfsense you want only a modem (eg a combined product in bridge mode & wifi disabled)
Proxmox console has a LAN address

PS
Save a copy of your ISP router's configuration prior to putting it in bridge mode. That way if a Proxmox update fails you can restore the ISP routers configuration and use that to restore a broken Proxmox installation.

EdIlS0N LiMa · Sep 24, 2022, 2:28 PM

@patch https://www.youtube.com/watch?v=3l0AySgYlkg&t=380s